2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. A cross-site scripting (XSS) payload can be injected via the account/service field. This was tested in a docker-compose environment. This vulnerability has been patched in version 4.0.3.
References
| Link | Resource |
|---|---|
| https://github.com/Bubka/2FAuth/releases/tag/v4.0.3 | Release Notes |
| https://github.com/Bubka/2FAuth/security/advisories/GHSA-cwhq-2mcq-pp9q | Exploit, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-03T16:12:17.141Z
Updated: 2023-07-03T16:12:17.141Z
Reserved: 2023-06-27T15:43:18.384Z
Link: CVE-2023-36816
NVD Information
Status: Analyzed
Published: 2023-07-03T17:15:09.463
Modified: 2023-07-10T17:32:21.630
Link: CVE-2023-36816
Redhat Information
No data.
CWE